Table of Contents
Advertisement
Creating and Applying ACL Policies
Ordering Filter Entries
When entries are created, they should be arranged sequentially from the most explicit entry to the
least explicit entry. Filter matching ceases when a packet matches an entry. The entry action is
performed on the packet. To be considered a match, the packet must meet all the match criteria
defined in the entry.
Packets are compared to entries in a filter policy in an ascending entry ID order. To reorder entries
in a filter policy, edit the entry ID value; for example, to reposition entry ID 6 to a more explicit
location, change the entry ID 6 value to entry ID 2 using the renum filter policy command.
When a filter consists of a single entry, the filter executes actions as follows:
•
•
If a filter policy contains two or more entries, packets are compared in ascending entry ID order (1,
2, 3 or 10, 20, 30, etc.):
•
•
•
•
Page 436
If a packet matches all the entry criteria, the entry's specified action is performed (drop or
forward).
If a packet does not match all of the entry criteria, the policy's default action is performed.
Packets are compared with the criteria in the first entry ID (the lowest numberical entry ID
value).
If a packet matches all the match criteria defined in the entry, the entry's specified action is
executed.
If a packet does not match, the packet continues to the next entry, and so on until a match
is found or until all entries are compared.
If a packet does not completely match any entries, then the default action is performed.
7750 SR OS Router Configuration Guide
Advertisement
Table of Contents
